Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!xlink.net!fauern!rrze.uni-erlangen.de!late.e-technik.uni-erlangen.de!eilts From: eilts@late.e-technik.uni-erlangen.de (Hinrich Eilts) Newsgroups: comp.os.386bsd.questions Subject: Re: Security question Date: Mon, 6 Dec 1993 09:19:26 GMT Organization: LATE, Uni-Erlangen, Germany Message-ID: <2duteuEig7@uni-erlangen.de> References: <2dodgn$s9s@bigboote.WPI.EDU> <1993Dec4.065700.11472@news.csuohio.edu> <CGD.93Dec3232517@eden.CS.Berkeley.EDU> NNTP-Posting-Host: late4.e-technik.uni-erlangen.de Lines: 26 cgd@eden.CS.Berkeley.EDU (Chris G. Demetriou) writes: >you have to do the following to make a PC secure: > (1) jumper the turbo and reset switches, so that users can't > change their settings > (2) have the power supply set up so that it's always on. > (i.e. remove the switch) > (3) seal the case in some way so that users can't phyically > open it. > (4) set your bios to boot off of c: before a: > (5) set the bios passwd, so users can't change it. > (6) adjust the boot block so that it doesn't accept input > regarding boot device and the debugging flag > (7) set up init so that single-user boots are 'secure' (man ttys > for more info). (8) lock SCSI-bus to (2): there are plugs, fuses, ..., also to (8): it's only neccessary if your kernel allows booting from an (external) SCSI-device. But, of course, there is (x), the unknown ... -- Bye | G i b D O S | Hinrich Eilts | k e i n e | (e-mail: eilts@late.e-technik.uni-erlangen.de) | C h a n c e ! |